Article

Firms still not ready for GDPR with less than three weeks to go

07 May 2018

Only 6 in 10 company directors say they are confident their organisation will be ‘fully compliant’ with new data protection laws set to come in later this month [25 May], a new survey from the Institute of Directors reveals. The poll of 700 bosses shows many businesses remain unprepared for the changes with just three weeks to go until GDPR comes into force.

Business leaders’ confidence in their preparations has declined over the past six months as the sheer scale of the regulations has come into view. Many business leaders are also less sure about how the new rules will affect their firms, with around 40% reporting they are not confident or unsure as to how GDPR will impact their company.

In preparing for the reforms, businesses were most likely to turn to external private advisors, business membership organisations, such as the IoD, and the Information Commissioner’s Office (ICO) for guidance. The IoD has so far directly assisted over a thousand of its members, providing guidance and template policies.

The new laws predominantly impact how businesses engage with customers and clients. However, directors also report that GDPR compliance is affecting processes in HR and IT, as well as their governance practices.

Jamie Kerr, Head of External Affairs at the Institute of Directors, said:

“GDPR has been a long time coming for businesses, but it is only proving more formidable as the deadline looms and companies drill down into the detail. The regulator has assured small businesses that there will be not be a sudden inquisition once the rules enter into effect, but with such large penalties for non-compliance, firms must assess what they have to do to avoid falling foul of the legislation, and they must do so soon.

“While the regulations may be burdensome, the overriding impulse amongst company directors now is simply to follow the rules. However, SMEs, who are facing a whole host of competing priorities and generally cannot rely upon dedicated compliance teams, are still finding it difficult to digest the sheer scale of the legal changes.

“The Government’s immediate priority should be to ensure the ICO has the resources it needs to make a big final push to assist small businesses in the run up to this month’s deadline”.

How confident are you that you fully understand how GDPR will affect the running of your business?

Apr 18

Aug 17

Very confident

14%

18%

Confident*

46%

48%

Neither

21%

17%

Unconfident*

13%

10%

Very unconfident

4%

6%

Don’t know

2%

0%

How confident are you that you will be fully compliant with the new rules by 25th May 2018?

Apr 18

Aug 17

Very confident

16%

43%

Confident*

43%

43%

Neither

21%

9%

Unconfident*

12%

4%

Very unconfident

2%

2%

Don’t know

3%

1%

Not applicable

2%

-

Which of the following has your organisation found the most useful for identifying information and guidance on GDPR compliance? (Apr 18 only)

External private advisors (IT consultants/legal firms)

26%

Business Membership Organisations

23%

Information Commissioner’s Office (ICO)

17%

We have in-house experts

14%

Other (please specify)

8%

Don’t know

6%

None of the above

6%

Within your primary organisation, which of the following have been most affected by GDPR compliance? (Apr 18 only)